I have below .htaccess code in images folder of my cs-cart site:
PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KU2VjRmlsdGVyRW5naW5lIE9mZg0KPC9JZk1vZHVsZT4 | base64 -d
what is the use of this .htaccess code. when checked server error log it is showing below error
/var/www/html/mysite/images/.htaccess: Invalid command 'PElmTW9kdWxlIG1vZF9zZWN1cml0eS5 jPg0KU2VjRmlsdGVyRW5naW5lIE9mZg0KPC9JZk1vZHVsZT4'
perhaps misspelled or defined by a module not included in the server configuration
I got to know the reason for this error, Somebody through scripting created .htaccess file in images folder of our site which is a big threat.
We are now changing the folder permissions, but is there any other way to handle this kind of threats?
This is the result of a recent vulnerability in the CS-Cart product.
The recent message sent to CS-Cart Customers.
Publish date: May 26, 2014
Affected versions: 2.x.x, 3.0.x, 4.0.x, 4.1.1 to 4.1.2
Vulnerability type: Arbitrary code execution
Severity: CriticalSummary
The update fixes a vulnerability that can result in a remote unauthenticated attacker executing arbitrary script in the context of the end-user's browser session.
Check if your site was affected
Check if the following files exist in the CS-Cart directory on your server: js/thumbs.php images/test.gif
If these files exist, immediately remove them.
We also recommend to check your server for new unknown files and unauthorized file changes.
Solution
Follow the instructions for your CS-Cart or Multi-Vendor version:
1) In CS-Cart 4.0.x, 4.1.1 to 4.1.2 and Multi-Vendor 4.0.x, 4.1.1 to 4.1.2:
a) Delete the file app/payments/atos.php
b) Delete the directory app/payments/atos_files
c) Delete the file app/payments/hsbc.php
d) Delete the directory app/payments/hsbc_files2) In CS-Cart 2.x.x and 3.0.x (all editions)
a) Delete the file payments/atos.php
b) Delete the directory payments/atos_files
c) Delete the file payments/hsbc.php
d) Delete the directory payments/hsbc_files